China installs spyware on tourists’ Android phones, downloads data from iPhones

Foreigners visiting certain areas of China are having their smartphones searched at the border. With Android phones, authorities install a piece of spyware that has access to the user’s calendar, phone contacts, call logs, and text messages — as well as the apps they use and their usernames in some of those apps.

iOS protections mean that an iPhone app wouldn’t give them the same access, so they instead take a different approach …


For iPhones, Vice reports that border officials appear to be using equipment to download data from iPhones.

The Süddeutsche Zeitung reporter said they saw machines that appeared to be for searching iPhones at the border.

This is most likely something along the lines of Cellebrite’s Universal Forensic Extraction Device (UFED). These devices allow most data to be captured from an iPhone.

The intrusive surveillance applies to foreign visitors to the Xinjiang region.

Foreigners crossing certain Chinese borders into the Xinjiang region, where authorities are conducting a massive campaign of surveillance and oppression against the local Muslim population, are being forced to install a piece of malware on their phones that gives all of their text messages as well as other pieces of data to the authorities, a collaboration by Motherboard, Süddeutsche Zeitung, the Guardian, the New York Times, and the German public broadcaster NDR has found […]

The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveller’s device for a specific set of files, according to multiple expert analyses of the software. The files authorities are looking for include Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band […]

Once installed on an Android phone, by “side-loading” its installation and requesting certain permissions rather than downloading it from the Google Play Store, BXAQ collects all of the phone’s calendar entries, phone contacts, call logs, and text messages and uploads them to a server, according to expert analysis. The malware also scans the phone to see which apps are installed, and extracts the subject’s usernames for some installed apps.

It’s increasingly common for border officials around the world to carry out searches of smartphones belonging to visitors and citizens alike, one U.S. citizen last year suing U.S. Customs and Border Protection over what she claimed was the illegal seizure and search of her iPhone at Newark airport. But installing spyware on Android phones is a whole other level.

HyperCube iPhone USB backup charger

Check out 9to5Mac on YouTube for more Apple news:

This article was originally posted here